The Personal Firewall's API registrations takes too long because the required MS Windows Security Center service (WSCSVC) is not yet started. By default, MS Windows starts the WSCSVC service with startup type: Automatic (delayed Start)

Set the Startup type value of WSCSVC to Automatic.

Connection to the VPN server breaks immediately after establishing.

A firewall rule set may have been damaged during transfer from the VPN server to the client. Disconnect all applications and connect again to solve the issue. This behavior may also occur with slow connections. Increase the Keep alive (seconds) parameter (see Advanced Settings Tab) if you encounter any problems.

As a workaround, you may disable the respective process entry in the Microsoft Event Monitor by disabling the process monitor for the Barracuda NG Access Client 2.0 SPx. To do so, set this DWORD registry entry to a value of "0":

The crypto service provider (e.g., Smartcard from aTrust) does not support native RSA access.

In this case, set the Probe Encryption option within VPN Profile> Properties> Connection Entries to No. Thereby, the probe encryption will not be executed prior to the actual connecting process. The user is then prompted for the PIN and will have 20 seconds to enter it before the timeout at the VPN service is reached.

A VPN connection can not be not established due to a Firewall Status mismatch error.

The VPN Service on the Barracuda NG Firewall drops incoming connection request by a Barracuda NG Network Access Client with a version number below 2.0 SP3 and generates the following error message into the VPN Log:

To allow these older clients to connect to the VPN service, navigate in Barracuda NG Admin to Config > Box > Virtual Servers > [Servername] > Assigned Services > [Servicename] > Client to Site > External CA > Group Policy and clear the Firewall Always ON check box. Ask your administrator to process this if you have no access to the Barracuda NG Firewall by yourself.

Could not connect to serverConnectLib,Open() failed: could not open DIRECT connection, IOStreamSock: Connect(x.x.x.x:691): TIMEOUTError while connect to x.x.x.x:691 (proto=TCP)

This message appears only if the server's IP address is reachable, but at the same time no listen port (UDP/TCP 691) is available.

The VPN Service listens by default on the first and the second server IP address. For additional server IP addresses, it is necessary to bind the service manually to these additional IP addresses. Navigate to Config > Box > Virtual Servers > [Servername] > Assigned Services > [Servicename] > Service Properties > Service Availability in order to achieve this.